The first day of the Pwn2Own 2023 hacking contest in Toronto, Canada, had exciting hits on popular devices, including Samsung’s Galaxy S23.
The flagship smartphone was hacked twice on the first day and will go for further testing on the second day. Overall, successful researchers have earned $75,000 combined and five Master of Pwn points each for hitting the Galaxy S23.
Exposing Bugs Despite Being Patched
Pwn2Own, the hacking competition held twice yearly, had crucial hits in the second edition of 2023. The first day of Pwn2Own in Toronto, Canada, had several security teams and researchers hitting smartphones and IoT devices.
The major is exploiting Samsung’s Galaxy S23, where Pentest Limited exposed a zero-day by using improper input validation to gain code execution privilege. This earned them a $50,000 reward and 5 Master of Pwn points. The same device was hit by STAR Labs SG team on the same day, where they exploited a permissive list of allowed inputs on Galaxy S23, earning $25,000 and 5 Master of Pwn points.
As per Pwn2Own rules, all the target devices at the event would run the latest operating system versions with all security updates installed. So, it should be worrisome to know that your device is unsafe even if it is fully updated. But again, all these exploits demonstrated are not published until the concerned OEM patches them.
Other devices being hit on the first day of Pwn2Own included the Xiaomi’s 13 Pro smartphone, printers, smart speakers, surveillance cameras and Network Attached Storage (NAS) devices from various brands like Western Digital, QNAP and Synology.
Overall, Trend Micro’s Zero Day Initiative, the organizer of Pwn2Own, has awarded $438,750 on the first day of the contest for 23 zero-day vulnerabilities. Samsung Galaxy S23 will again go onto the field tomorrow for the testing of exploits by security researcher Le Xich Long and Interrupt Labs.
Other Trending News:- News